> "Handbook of Applied Cryptography" ("HAC")
> ...
> but the principles stated in those books are
> still valid and worth knowing.

Section 9.6 of the HAC is no longer applicable, and should be considered wrong (worth mentioning since it's not a typo or other errata, and it applies to the entire section).

Jeff

On Fri, Jul 9, 2010 at 5:44 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 09-07-2010 03:31, Chuck Pareto wrote:
>>
>> My group is using RSA with a key that's 2048 in size. We want to encrypt
>> strings that are longer than this key size gives.
>> If we switch to a key that is 4096 what is the max string length we can
>> encrypt? Is it double?
>
> You normally don't encrypt data directly with RSA. You use RSA to
> encrypt a random encryption key (such as a 256 bit AES key), using a
> standardized format (such as PKCS#1v2.0) to turn the random key into
> a value which can be safely encrypted with RSA without making that RSA
> key easier to break.
>
> Then you encrypt your data (up to whatever limit is safe for the
> chosen symmetric encryption algorithm, such as 256 bit AES with
> mode=GCM).
>
> I think you should go back and read some of the fundamental textbooks on
> crypto before trying such things.
>
> The two most commonly recommended books are
>
> "Handbook of Applied Cryptography" ("HAC")
>
> "Applied Cryptography, 2nd edition" ("AE2") by Bruce Schneier
>
> Both books are somewhat old on what algorithm names and sizes they
> mention or recommend, but the principles stated in those books are
> still valid and worth knowing.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
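
The approach Jakob Bohm describes above (RSA encrypts only a random AES key, AES-GCM encrypts the data), as an added example that is not part of the original thread. It assumes the Python `cryptography` package and OAEP with SHA-256 as the PKCS#1 v2.0 padding; all function names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: OAEP with SHA-256 for both the hash and MGF1.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def oaep_max_len(key_bits, hash_len=32):
    """Largest plaintext (bytes) one RSA-OAEP operation accepts: k - 2*hLen - 2."""
    return key_bits // 8 - 2 * hash_len - 2

def hybrid_encrypt(public_key, plaintext):
    """Encrypt data of any practical length; RSA only ever sees the 32-byte AES key."""
    aes_key = AESGCM.generate_key(bit_length=256)   # fresh random key per message
    nonce = os.urandom(12)                          # 96-bit GCM nonce, unique per key
    wrapped_key = public_key.encrypt(aes_key, OAEP)
    body = AESGCM(aes_key).encrypt(nonce, plaintext, None)  # ciphertext + 16-byte tag
    return wrapped_key, nonce, body

def hybrid_decrypt(private_key, wrapped_key, nonce, body):
    """Unwrap the AES key with RSA, then authenticate and decrypt the data."""
    aes_key = private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(aes_key).decrypt(nonce, body, None)  # raises InvalidTag if altered

def direct_rsa_accepts(public_key, n_bytes):
    """True if RSA-OAEP alone can encrypt n_bytes of data with this key."""
    try:
        public_key.encrypt(b"A" * n_bytes, OAEP)
        return True
    except ValueError:  # raised when the data does not fit the modulus
        return False

if __name__ == "__main__":
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    message = b"constructed sample record\n" * 400   # ~10 KB of constructed data
    wrapped, nonce, body = hybrid_encrypt(pub, message)
    assert hybrid_decrypt(key, wrapped, nonce, body) == message
    for bits in (2048, 4096):
        print(bits, "bit key: RSA-OAEP alone takes at most", oaep_max_len(bits), "bytes")
    print("direct RSA on 191 bytes accepted:", direct_rsa_accepts(pub, 191))
```

Going from a 2048-bit to a 4096-bit key raises the direct RSA-OAEP limit only from 190 to 446 bytes under these assumptions, while the hybrid construction is bounded by the symmetric cipher instead.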